2. Cryptography
to maintain and protect the confidentiality of the information when
it is transmitted on a communication medium
is the mechanism of encoding information is secret coded form.
keep communications limited and private to only the sender and
receiver
enhances the security, authenticity and integrity of the
information passed across the communication medium
3. Cryptography Schemes
The process of cryptography is achieved with the help of
encryption algorithm and an encryption key
The encryption algorithm is a mathematical procedure to
encrypt or decrypt the data.
Encryption key is the input that encryption algorithm takes
4. Cryptography Algorithm Types
Secret Key Cryptography (Symmetric)
Two entities share the same secret key.
Public Key Cryptography (Asymmetric)
Operates under two different keys.
One is used for encoding, the second for decoding.
Hash Functions (One-way cryptography, Message digests)
Encrypt the information into an irreversible codes.
5. Need for cryptography
In order to develop a secure database application, cryptography is
needed to identify all the possible threats to the application and
provide measures to prevent them.
The threats:
Violation of Privacy/confidentiality
Data can be read by an unintended receiver.
Tampering
modifying or deleting a resource without
proper access privilege
Spoofing
impersonating the identity of a different user and use it in an
unauthorized way
6. Purpose of Cryptography
Authentication
prevents spoofing by applying the digital
signature
Privacy/confidentiality
verifies, prevents unintended receiver from
reading the data
Integrity
verifies whether the data received by the receiver
is the same data as sent by the sender
Non-repudiation
ensures that a user or a business organization or
program entity has performed a transaction
7. Java Cryptography Architecture (JCA)
JCA is a framework written in Java to access and develop
cryptographic functionality, and forms part of the Java security API
Java Cryptography Extension (JCE) extends the underlying
architecture of JCA to implement encryption, key exchange
JCA and JCE together provide a complete, platform-independent API.
8. Design Principles of JCA
JCA was designed to access cryptography and security concepts.
Implementation independence and interoperability.
Algorithm independence and extensibility
9. Components of JCA
Cryptographic Service Providers
is a package or a set of packages defined by the JCA to
implement one or more cryptographic services.
Key Management
manage the library of keys and certificates which in a
database called keystore.
KeyStore class in the java.security package
10. Cryptographic Service
The Service provider classes are also known as Engine classes.
13. Java Cryptography Extension (JCE)
JCA is a set of packages that form a framework and provides
implementations for encryption, key generations and agreement,
and Message Authentication Code (MAC) algorithms.
Additional cryptographic libraries can be plugged in.
18. Password Based encryption (PBE)
generates a secret encryption key based on a password provided by
the end user.
is one of core classes from JCE
javax.crypto
19. Password Based encryption (PBE)
mix in a random number with the password, called the salt
prevent dictionary attacks or pre-computation attacks
22. Encrypting Data using Passwords
Take the string and create an instance of PBEKeySpec
Use a SecretKeyFactory to produce a SecretKey instance
Generate a random salt
Select an iteration count and create a PBEParameterSpec
Create a Cipher from the SecretKey and PBEParameterSpec
Encrypt the data with the Cipher and write output of the Cipher